Using the Root Account on Debian
Pages: 1, 2
The /etc/sudoers configuration file controls the use of
sudo. You should never edit the file directly, but only through the use of the
visudo command. The expression of permissions in
sudoers is very flexible, allowing a tight degree of control over what others can run.
For example, to give the user
fred the ability to run the
kill program as root, add the following line to
fred ALL = /usr/bin/kill
ALL means that the command can be run on any machine, which is useful if you are sharing the
sudoers configuration over multiple machines on a network. The manual page describes the
sudoers file format in detail; read it with
man sudoers. Its very powerful flexibility allows fine-grained control over the allocation of privileges to users.
If you are happy with
sudo, you may wish to disable root's password completely, meaning that everybody must use
sudo to execute privileged commands. Do this with
sudo passwd -l root. To reverse the process, run
sudo passwd -u root.
Should I Really Always Use
One or two problems that arise from relying on
sudo exclusively can mean you need to be careful. These coincide with the use of systems such as NIS or LDAP to control user accounts--these systems use (possibly remote) databases to provider user information. If an operation you run under
sudo causes these services to fail, you will not be able to run
sudo again to get out of the mess, due to the system's not being able to find information on your user account.
The answer to this is either to not disable the root login, to perform such dangerous operations in a root shell, or to use
sudo -s to start a root shell session. Although such situations are rare, you should be aware of this risk, especially when running a development version of Debian, where failure during software upgrade is a possibility. Also, you can configure NIS or LDAP to fall back to a local user database, in which you can create yourself a backup account.
Finding Out More
The best way to learn about root privileges on your Debian system is to read the manual pages for
sudo. Do this with the
Edd Dumbill is co-chair of the O'Reilly Open Source Convention. He is also chair of the XTech web technology conference. Edd conceived and developed Expectnation, a hosted service for organizing and producing conferences. Edd has also been Managing Editor for XML.com, a Debian developer, and GNOME contributor. He writes a blog called Behind the Times.
Return to the Linux DevCenter.